One of the recurring annoyances with WSL 2 is that a Linux service can be working perfectly inside the VM and still not be reachable the way you expect from outside the host.

This note came from the simple case: I wanted SSH access into a WSL 2 environment on Windows 10, and the missing piece was not the Linux service. It was the Windows networking glue around it.

The Basic Idea

The pattern is:

  • run SSH inside WSL 2 on a known port
  • forward a Windows listening port to the current WSL 2 IP address
  • open the Windows firewall for that port

Port Proxy Rule

The core Windows command was:

1

netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=31337 connectaddress=<wsl-ip-address> connectport=31337

The important thing to remember is that the connectaddress is the current WSL 2 IP, not some permanent host identity. That means if the WSL 2 address changes, the forwarding rule may need to be updated.

Firewall Rule

Then allow the port through Windows Firewall:

1

netsh advfirewall firewall add rule name="Open Port 31337 for WSL2" dir=in action=allow protocol=TCP localport=31337

Verify the Rule

To inspect the configured proxy rules:

1

netsh interface portproxy show v4tov4

And if I needed to wipe the forwarding rules and start over:

1

netsh int portproxy reset all

Why This Note Matters

This is the kind of thing that can feel obvious after you have done it once, but only after. Before that, it is easy to waste time poking at the SSH daemon inside WSL when the real problem is that Windows is not forwarding anything to it yet.

Closing Thought

This is not really an SSH article. It is a reminder that WSL 2 is still a virtualized network boundary. If you want external reachability, you need to account for the Windows side of that boundary too.